You can still buy phones running Android 2.3 (Gingerbread), even though Google released the last distribution, version 2.3.7, in September, 2011. In the meantime, numerous security flaws have been discovered in Gingerbread and users are vulnerable to them.
For this, the ACLU blames AT&T, Sprint, T-Mobile and Verizon Wireless. The logic in their plea to the FTC is so shoddy that I have to suspect an ulterior motive. In whose interests is the ACLU operating here?
I got in an argument with a bunch of lawyers about this on a mailing list, and you can see how so many want to believe the worst about the carriers. It's easy to bash the carriers and I don't like them either, but that doesn't make them at fault for this problem.
Once they start releasing a new major version of Android, Google stops updating the old ones. Note that the release date of 2.3.7 is September 11, 2011 and the release date for 4.0 (Ice Cream Sandwich) is October 19, 2011. Version 3.x (Honeycomb) was a dead-end of sorts that started as Google's attempt to support tablets on Android, but was largely abandoned for 4.0. The next version for phones after 2.3.7 was 4.0.
And yet the hardware requirements for 4.0 are substantially greater than those for Gingerbread. See chapter 7 in both the Android 2.3 Compatibility Definition and the Android 4.0 Compatibility Definition: Just one of the differences is that the minimum RAM requirement went from 128MB to 340MB.
I'm sure Gingerbread devices typically have no more than 256MB, and no phones are upgradable for memory. The result is that it's impossible for the carriers to update the phones.
Who is to blame? If there's any to asses, I'll give it to Google for providing security patches only in a new major version of the operating system with elevated hardware requirements. Contrast this with, for example, Microsoft's continuing provision of security updates for Windows XP, even for pirated copies, 12 years after initial release.
Someone suggested to me that maybe this is true for Gingerbread, but what about Ice Cream Sandwich phones that aren't upgraded to Jelly Bean (Android 4.1 and 4.2)? I think it's worth pointing out that there are also hardware and software requirements changes in 4.1 that would take time for carriers to implement, and it's possible that handset makers didn't deem such task as possible or worth the trouble to provide the update.
Notice I didn't say "carrier" in that last paragraph, because it's not their job to write updates. They provide updated software given to them by handset makers and Google. Many of the handset makers only do what the carriers tell them to do, but obviously they're involved. The real blame, once again, is on Google for not providing patches for ICS after Jelly Bean became available.
The carriers are old and easy villains for the ACLU. They're bad big business. Google, Apple and the handset makers, on the other hand, are good big business. (Microsoft more resembles Google and Apple in this regard, but definitely bad big business. Why is left as an exercise to the reader in the comment section below.)
Now I'd like to think I'm not stupid and I recognize that Google's patching practices are arguably in the interests of the phone makers and carriers (who sell almost all the handsets) in that they increase the need to upgrade phones rapidly. Perhaps the whole system is wrong and everyone's hands are dirty.
Photo Credit: M. Dykstra/Shutterstock